THEYMES Terms of SERVICE

These terms of service and the Purchase Order incorporating these terms of service (the “Agreement”) are entered into by and between Theymes Ltd, a Finnish limited liability company with the business ID 3369440-8, (“Theymes”) andthe Customer, as defined in the Purchase Order.

This Agreement governs the Customer’s use of certain expert support services for gaming companies provided by Theymes, including service offerings such as an End-User faced support SaaS offering and a knowledge management system (“Services”), and in-game SDK tools (“SDK Tool”). The services ordered by the Customer are specified in the Customer’s purchase order incorporating these terms of service (“Purchase Order”).

GRANT OF RIGHTS

Subject to compliance with the terms of the Agreement, Theymes hereby grants to the Customer a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to use the Services specified in the purchase order in its internal operations during the term of this Agreement.

Subject to compliance with the terms of the Agreement, Theymes hereby grants to the Customer a limited, non-exclusive, non-transferable, revocable license during the term of this Agreement (i) to use the SDK Tool for the purpose of integrating it into the Customer’s own product offering (“Customer Product”), and (ii) to distribute the SDK Tool in object code format to its own customers (“End-Users”) as an integrated part of the Customer Product.

The Customer grants Theymes a limited, non-exclusive, non-transferable, non-sublicensable and worldwide right to use the content it may create, upload and otherwise process in the Services (“Customer Content”) for the term of this Agreement and for the purpose of providing the Services under this Agreement.

CUSTOMER’S OBLIGATIONS

The Customer is responsible for acquiring and maintaining any and all network connections, hardware and software required for the use of the Services and is responsible for such connections, hardware and software, including their functioning, maintenance and security, as well as for ensuring that the Services fulfil the Customer's intended purpose of use.

The Customer is responsible for agreeing with any third parties on the use of application programming interfaces (APIs) or other functionalities and terms necessary for the use of the Services, and, if necessary, giving its consent to access and read the data of the Customer to the extent necessary for the provision of the Services.

The Customer’s use of the SDK Tool and Services must comply with all applicable laws. The Customer is solely responsible for its own compliance with applicable laws, including the acquisition of any licenses or permits and the filing of any notices and reports to authorities required under applicable law, if any.

The Customer is responsible for all use of the Services under the Customer’s user accounts. Customer shall use all reasonable endeavours to prevent unauthorised access to, or use of, the Services. All passwords and other identifiers relating to the Customer’s users shall be kept confidential. In the event of or if Customer or its user has reason to suspect any unauthorised access or use of the Service, or if any password has been revealed to a third party, the Customer shall promptly notify Theymes.

RESTRICTIONS OF USE

The Customer shall only use the SDK Tool and Services in strict accordance with the terms of this Agreement. The Customer shall not use, or permit the use of, the SDK Tool or Services by more than the maximum number of users or applications, as applicable, specified in the applicable Purchase Order.

The Customer shall not, under any circumstances: (i) sublicense, lease, or redistribute access to the Services to a third party; (ii) circumvent or reverse engineer any features, functionalities, logic, source code, or usage restrictions and limits of the SDK Tool or Services; (iii) probe, scan, or test the vulnerability of the SDK Tool or Services without prior agreement with Theymes; (iv) use the SDK Tool or Services in a manner that accesses or uses any information beyond what Theymes allows under this Agreement or that breaks, or circumvents any of Theymes’s technical or organisational security measures; (v) use the SDK Tool or Services to create a service substantially similar to services; (vi) perform any actions that could damage, disable, disrupt, overburden or impair the SDK Tool or Services or its underlying services or systems; (vii) attempt to change, distort or modify the SDK Tool or Services or any underlying systems; (viii) transmit any malicious code, viruses or malware or other code or programming that may damage or detrimentally interfere with the SDK Tool or Services or any underlying services or systems; (ix) remove, obscure, or alter any copyright, trademark, or other proprietary rights notices; or (x) use the SDK Tool or Services in violation of any applicable law.

PRICES AND PAYMENT TERMS

The prices and fees for the SDK Tool and Services are set out in the Purchase Order.

After the Initial Term, Theymes is entitled to adjust the prices annually by providing the Customer with a prior notice of at least thirty (30) calendar days. In case the Customer disagrees with such adjustments, the Customer is entitled to terminate this Agreement by providing Theymes with a notice thereof prior to the effective date of such adjustment of the fees.

The payment term shall be fourteen (14) calendar days from the date of the invoice. Late payment interest shall accrue as set out in the Finnish Interest Act (633/1982, as amended).

Any value added tax will be added to the prices set out in the Agreement in accordance with the applicable laws and regulations.

CUSTOMER CONTENT AND PERSONAL DATA

The Customer shall have sole responsibility for the legality, accuracy, and quality of the Customer Content. The Customer acknowledges that Theymes shall not take any measures to verify Customer Content, including its validity or accuracy.

Theymes shall have the right to generate aggregate, statistical and other data based on the Customer Content processed in the Services and on the Customer’s use of the Services (Aggregate Data) and to use Aggregate Data to improve and enhance its services and for other development, diagnostic and corrective purposes, provided that Aggregate Data does not reveal the identity of the Customer or its users.

If and to the extent Theymes processes personal data on behalf of the Customer as a processor, the terms on the processing of personal data provided in the data processing agreement (Appendix 1) shall apply.

THIRD-PARTY SERVICES AND DATA

The Customer acknowledges that the Customer Content and certain other data and information in the Services will originate from the Customer or third-party sources (such as through application programming interfaces (APIs)). The Customer acknowledges that Theymes shall not take any measures to verify such data, including its validity or accuracy.

This Agreement covers exclusively the SDK Tool and Services provided by Theymes and the use thereof. Any and all third-party services, data or application programming interfaces included or linked to the SDK Tool or Services are provided by the relevant third parties and covered by their terms of service or other agreement or licenses. Theymes does not assume any liability whatsoever regarding use of such third-party services, data or application programming interfaces.

INTELLECTUAL PROPERTY RIGHTS

This Agreement does not grant any rights to either Party under any Intellectual Property Right of the other Party except as expressly set forth herein.

All rights, title, interest, including any Intellectual Property Rights, in and to the SDK Tool, Services and Aggregate Data, as well as any related documentation and any copies, updates, modifications, translations, amendments, and derivatives thereof are the sole and exclusive property of Theymes and/or its subcontractors or licensors.

All rights, title, interest, including any Intellectual Property Rights, in and to Customer Content are the sole and exclusive property of the Customer and/or its subcontractors or licensors.

“Intellectual Property Rights” shall be understood in the broadest sense, including but not limited to any copyright, patent, trademark, design right, database protection right, and any other form of statutory protection of any kind (whether registered or unregistered) and applications for any of the foregoing respectively as well as any know-how, inventions, and trade secrets.

Theymes shall indemnify, defend, and hold harmless Customer, its officers, directors, employees, and agents (collectively, the Indemnitees) from any and all claims, demands, suits, actions, liabilities, damages, losses, costs, and expenses (including reasonable attorneys’ fees) arising out of or relating to infringement of third-party Intellectual Property Rights resulting from the use of the SDK Tool or Services. Theymes’ obligations are conditioned upon Customer providing prompt written notice, giving Theymes sole control of defense and settlement negotiations, and cooperating with Theymes in the defense of such claims.

At any time, if Theymes reasonably deems that any part of the SDK Tool or Services infringe the Intellectual Property Rights of a third party, or in the event of a third-party claim, Theymes may, at its sole expense, either (a) procure for the Customer the right to continue using the relevant SDK Tool or Service; or (b) replace or modify the SDK Tool or Service to make it non-infringing. If neither of the aforementioned alternatives are reasonably possible, Theymes shall have the right to terminate this Agreement.

Theymes has no obligation to indemnify Indemnitees to the extent the claim arises from (a) use or combination of a Service with products or services not provided by Theymes; (b) modifications to the SDK Tool or Services not provided by Theymes; (c) compliance with instructions or specifications provided by Customer, or (d) use of the SDK Tool or a Service in a way not instructed by Theymes or in a breach of any relevant terms of use or this Agreement.

CONFIDENTIALITY

Both Parties agree not to disclose any information received by one Party from the other which is marked as confidential or which is to be understood as confidential, including but not limited to information regarding the business activities, products, technologies, know-how, objectives or plans of the Parties or their subsidiaries received from each other (the Confidential Information) and agree not to use Confidential Information for any other purpose than the fulfilment of its rights and obligations under this Agreement. Both Parties agree not to disclose Confidential Information of the other Party to others than those employees, advisors, subsidiaries, subcontractors, service providers or its other cooperation partners who necessarily need the Confidential Information for the purposes of this Agreement.

Confidential Information does not include any information that (i) was in the receiving Party’s possession at the time of disclosure, as demonstrated by its written records; (ii) is in the public domain at the time of disclosure or later becomes part of the public domain through no fault of the receiving Party; (iii) is lawfully received from a third party who is not under any obligation to maintain the confidentiality thereof; or (iv) has been independently developed by the receiving Party without access to, use of or reference to the Confidential Information, as demonstrated by its written records.

The Parties agree to apply appropriate security measures to Confidential Information and to treat Confidential Information at least with the same care as their own Confidential Information.

The rights and obligations set forth in this Section 8 (Confidentiality) shall survive the termination or expiration of this Agreement.

AVAILABILITY of the Services

Theymes shall use commercially reasonable efforts to ensure the availability of the Services. The Customer acknowledges that the Services are offered on a best effort basis. Notwithstanding the foregoing, should the Parties have agreed on the availability of the Services in a separate service level agreement annexed hereto, the terms of such agreement shall prevail in relation to the subject matter thereof.

In the event of an emergency, failure, security breach, network disruption or disruptions of third-party suppliers, without limiting any other rights of Theymes, the Services or parts thereof may be temporarily interrupted or suspended. Theymes shall inform the Customer of the suspension and the duration of the estimated suspension in advance or, if this is not reasonably possible, without undue delay after Theymes has become aware of such occurrence.

Theymes undertakes to take reasonable efforts to inform the Customer of any planned disruptions (such as installation work, changes, maintenance) to the Services or parts thereof in advance.

Theymes shall have the right to deny the Customer's access to the Services without any prior notice to the Customer if Theymes suspects that the Customer breaches this Agreement or burdens or uses the Services in a manner which may jeopardise the Services or their security, or under similar circumstances. Theymes shall inform the Customer of the reasons for such denial without undue delay.

Updates and MODIFICATIONS

Theymes may make updates, modifications, or amendments to the SDK Tool and Services at any time at its sole discretion and without notifying the Customer thereof, provided that such changes do not materially affect the Customer’s use of the SDK Tool and Services. Theymes shall use its commercially reasonable efforts to deliver the updates, modifications, or amendments to the SDK Tool and Services to the Customer as such updates are made generally available.

If Theymes introduces changes materially affecting the SDK Tool or Services, Theymes shall notify the Customer thereof in advance. If the Customer does not accept such material change, the Customer has the right to terminate the Agreement by notifying Theymes thereof prior to the effective date of such change.

SUBCONTRACTORS

Theymes shall be entitled to use subcontractors for the provision of the SDK Tool and Services, as well as any other services, as applicable. Theymes shall be liable for the subcontractors’ work and services in the same manner as for its own work and services.

No WARRANTY

The SDK Tool is provided “as is” and “as available” without warranty of any kind, either express or implied, including without limitation, warranty of merchantability or fitness for a particular purpose. Theymes shall have no liability for any damage to the Customer’s Customer Product, software, hardware, data, information and/or business resulting from or otherwise related to the Customer’s use of the SDK Tool. The Customer may not pass any express or implied warranties, nor any liability of any kind, from Theymes to the End-Users.

Except as expressly stated herein, Theymes disclaims all warranties, whether implied, express or statutory, including, without limitation, warranty of merchantability or fitness for a particular purpose in relation to the Services. Theymes shall not be responsible for any errors, interruptions or disturbances in the Services.

Customer acknowledges and understands that the Services rely on integrations to third-party services and Customer Content and other data from such services. Theymes shall not be liable for any damages resulting or relating to such third-party services or Customer Content, including but not limited to damages resulting from the third-party services being unavailable or from the Customer Content being faulty.

TERM AND TERMINATION

This Agreement shall enter into force upon the signature or other written or electronic acceptance of the Purchase Order by both Parties (“Effective Date”) and remain in force as set out below.

In case a trial period (“Trial Period”) has been agreed upon in the Purchase Order, such Trial Period shall commence on the Effective Date and, unless otherwise agreed in the Purchase Order, continue in force for a fixed period of two (2) months. During the Trial Period, the Customer may terminate this Agreement with seven (7) calendar days written notice.

After the possible Trial Period, the Agreement shall, unless terminated as set out above, automatically continue in force for a fixed period set out in the Purchase Order (“Initial Term”). In case no Initial Term has been set out in the Purchase Order, the Initial Term shall be twelve (12) months from the expiry of the Trial Period.

After the Initial Term, the Agreement shall, unless terminated as set out below, automatically continue to be in force for recurring fixed renewal periods set out in the Purchase Order (“Renewal Term”). In case no Renewal Term has been set out in the Purchase Order, the Renewal Term shall be twelve (12) months from the expiry of the Initial Term. During the Initial Term and the Renewal Term, each Party may terminate this Agreement, to terminate at the end of the then ongoing Initial Term or Renewal Term, by providing a written notice to the other Party at least thirty (30) calendar days prior to the expiry of the then ongoing Initial Term or Renewal Term.

Each Party may terminate this Agreement with immediate effect by written notice at any time during this Agreement if the other Party: (i) is dissolved or liquidated, is declared bankrupt or otherwise becomes the subject to other insolvency proceedings; or (ii) materially breaches this Agreement and (if such breach is curable) fails to cure such breach within fourteen (14) calendar days of being notified in writing to do so.

Upon the termination or expiration of this Agreement, all rights and licenses granted hereunder shall immediately terminate. The Customer agrees to immediately (i) cease any and all use of the SDK Tool and Services; and (ii) return to Theymes or destroy all copies of the SDK Tool, any Service, and any related materials in its possession.

LIMITATION OF LIABILITY

Neither Party shall be liable for any indirect or consequential damages, including but not limited to, loss of profit, loss of revenue, loss of opportunity, loss of goodwill or reputation, loss of data or information or loss of interest.

Each Party shall be liable for direct damages resulting from a breach of this Agreement. A Party’s total aggregate liability arising from or related to this Agreement is limited to the amount equal to the fees charged by Theymes during the six (6) months preceding the event giving rise to the claim for damages.

The exclusions and limitations of liability in this section shall not apply to any damages resulting from gross negligence or willful misconduct or in the case of breach of the restrictions agreed in Section 3 (Restrictions of Use), breach of any Intellectual Property Rights (Section 7) or the confidentiality obligations (Section 8) set out in this Agreement.

Amendments to the Terms

Theymes is entitled to amend the Agreement (including documents and terms referenced therein) with no less than thirty (30) days’ prior written notice to the Customer before the effective date of the amendment. Such notice may be posted in the Service or provided otherwise in writing to the Customer.

If Theymes amends the Agreement in a substantive way and the Customer does not accept the amended Agreement, the Customer has the right to terminate the Agreement by notifying Theymes thereof in writing prior to the effective date of the amendment. In the absence of the Customer’s notice of termination in accordance with the above, the Customer shall be deemed to have accepted the amended Agreement.

Miscellaneous

Force Majeure

Neither Party shall be liable for its failure to perform its obligations under the Agreement, to the extent such failure is due to circumstances beyond the affected Party's control and which the affected Party could not reasonably have foreseen, avoided or overcome (Force Majeure). Strikes, lock-outs, pandemics, warfare, boycotts and other industrial disputes shall be considered Force Majeure also in the event that the affected Party is the target of or a party to such a dispute. The affected Party must, without undue delay, notify the other Party of the Force Majeure as well as its effect on the affected Party's ability to perform its obligations under the Agreement. The affected Party must also, without undue delay, notify the other Party once it is no longer affected by the Force Majeure.

Severance

If any provision of this Agreement is declared by any judicial or other competent authority to be void, illegal, or otherwise unenforceable, the remaining provisions of this Agreement shall remain in full force and effect.

Survival

Expiration or termination of this Agreement for any reason shall not release either Party from any liability or obligation set forth in this Agreement which (i) the Parties have expressly agreed will survive any such expiration or termination, or (ii) by their nature would be intended to be applicable following such expiration or termination, including, but not limited to, Sections 7 (Intellectual Property Rights) and 8 (Confidentiality).

Relationship of Parties

The relationship between the Parties under this Agreement shall be that of independent contractors. Nothing herein shall be construed to create any relationship of joint venture, partnership or agency between the Parties.

GOVERNING LAW AND JURISDICTION

This Agreement shall be governed by and construed in accordance with the laws of Finland, excluding its provisions on the choice of law.

Any dispute, controversy or claim arising out of or relating to this Agreement, or the breach, termination or validity thereof, shall be finally settled by arbitration in accordance with the Arbitration Rules of the Finland Chamber of Commerce. The number of arbitrators shall be one (1). The seat of arbitration shall be Helsinki, Finland. The language of the proceedings shall be English.

APPENDICES

Appendix 1: Data Processing AgreementAppendix 1: Data Processing Agreement

This Data Processing Agreement (DPA) is a part of the Agreement on the use of the Theymes service between Theymes and the Customer.

GENERAL

This DPA forms an integral part of the Agreement and shall apply to all processing of personal data under the Agreement. Where applicable and if not explicitly otherwise stated, the terms of the Agreement, such as governing law and dispute resolution, apply to this DPA. If the Agreement or any other document contains provisions regarding the processing of personal data that conflict with this DPA, this DPA shall have precedence.

The Customer is the controller under the General Data Protection Regulation (EU 2016/679, GDPR) and Theymes processes personal data on behalf of the Customer as a processor when providing the Service. If and to the extent the Customer acts as a processor in relation to another controller, Theymes shall act as a subprocessor.

The Customer is responsible for the lawful processing of personal data as well as compliance with the GDPR and other legislation regarding the processing of personal data. Where applicable, the Customer is responsible for having the required rights and necessary permissions to use and disclose personal data to Theymes for the purposes of the Agreement.

The subject matter, categories, types of data and other details of the processing are described in Schedule 1 of this DPA (Description of the Processing).

PROCESSING OF PERSONAL DATA

Theymes shall only process personal data in accordance with this DPA and documented instructions from the Customer unless required otherwise by EU or member state legislation. In such a case, Theymes shall inform the Customer of the requirement before processing unless prevented by such legislation.

The Customer’s instructions for the processing are primarily set forth in the Agreement and this DPA. Any other instructions must be commercially reasonable, compliant with applicable legislation, and consistent with the Agreement. In case the Customer’s instructions require additional work by Theymes, Theymes has the right to charge reasonable costs of complying with the instructions from the Customer.

In case Theymes considers any instruction given by the Customer to be in contravention to EU or member state legislation, Theymes shall not be obliged to comply with such instruction and shall inform the Customer.

SECURITY

Theymes shall implement appropriate technical and organisational measures to protect the personal data within its area of responsibility in order to safeguard the data against unauthorized or unlawful processing or access and against accidental loss, destruction of personal data, taking into account the costs of implementation as well as the nature, scope, context and purposes of processing carried out by Theymes, as well as the risks for the rights and freedoms of natural persons. The measures shall include, where appropriate and depending on the context: (i) the pseudonymization and encryption of personal data; (ii) the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and the Service; (iii) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

Theymes shall ensure the persons processing personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

ASSISTANCE

Taking into account the nature of the processing and where possible, Theymes shall assist the Customer with appropriate technical and organisational measures to fulfil the Customer’s obligation to respond to requests regarding the data subject’s rights under Chapter III of the GDPR.

Taking into account the nature of the processing and the information available to Theymes, Theymes shall assist the Customer in ensuring compliance with the Customer’s obligations set out in Articles 32 to 36 of the GDPR (e.g. to perform security and data protection impact assessments, breach notifications and prior consultations of the competent supervisory authority).

INTERNATIONAL TRANSFERS

Theymes provides the Service from the EU/EEA. In case the Customer operates outside the EU/EEA or personal data is otherwise transferred outside the EU/EEA to a country not recognized by the European Commission as having an adequate level of data protection, Theymes and the Customer shall ensure the transfer complies with Chapter V of the GDPR by using a valid transfer mechanism, such as standard contractual clauses adopted by the European Commission, and if necessary, implementing additional safeguards and carrying out a transfer impact assessment to ensure an appropriate level of protection of the personal data.

PERSONAL DATA BREACH

In case of a personal data breach concerning personal data processed on behalf of the Customer, Theymes shall notify the Customer without undue delay upon becoming aware of a breach. Theymes shall provide the Customer with sufficient information to allow the Customer to meet its obligations under the applicable data protection legislation. If all information is not available at once, Theymes may supplement the information later without undue delay.

AUDITS

The Customer or an auditor appointed by the Customer shall have the right to audit the processing activities of Theymes under this DPA to assess the compliance with this DPA and the applicable data protection legislation. The audit shall take place during ordinary business hours of Theymes and with at least thirty (30) calendar days prior written notice. The Customer shall bear all costs for any audits. Where an audit may lead to the disclosure of business or trade secrets of Theymes, the Customer shall employ an independent expert to carry out the audit, and the expert shall agree to be bound by confidentiality to Theymes’s benefit.

At the Customer’s request, Theymes shall make available information necessary to demonstrate compliance with the GDPR.

SUBPROCESSORS

The Customer gives its general authorization for Theymes to engage subprocessors to process personal data in connection with the provision of the Service.

Theymes shall be free to choose and change its subprocessors. The list of subprocessors included in the processing on the Effective Date is included in Schedule 1 of this DPA. In case there is a later change in subprocessors, Theymes shall notify the Customer of such change and allow the Customer to object to the change on reasonable grounds related to data protection. If Theymes is not willing or able to change the subprocessor objected to by the Customer, both Parties shall have the right to terminate the Agreement and this DPA.

Where Theymes uses a subprocessor for the processing of personal data, it shall ensure data protection obligations of at least the same level as set out in this DPA shall apply to the subprocessor. Where a subprocessor fails to fulfil its data protection obligations, Theymes shall remain liable to the Customer for the performance of the subprocessor’s obligations.

LIABILITY

Each Party’s liability for the damages incurred by any data subject in connection with the processing of Personal Data under the Agreement and this DPA shall be defined in accordance with Article 82 of the GDPR, or another corresponding and applicable provision of compulsory data protection legislation.

Theymes shall not be liable for any indirect or consequential loss or damage caused in connection with this DPA. Otherwise, the liability terms of the Agreement shall apply to processing of the Personal Data by Theymes on behalf of the Customer.

Schedule 1: Description of the Processing

Subject-matter and duration of the processing

Personal data is processed to provide the Service for the Customer’s use under the Agreement. Personal data shall be processed for the term of the Agreement.

Nature and purpose of the processing

Personal data is processed for the purpose of carrying out the obligations of the Agreement and providing the Service, including managing user rights to the Service and providing the functionalities of the Service, such as priority support and the upkeep of the support portal and other Customer Content that may contain personal data.

Categories of data subjects and types of personal data

The data subjects are the users and end users of the Service and any persons whose data is included in the Customer Content by the Customer. The personal data consists of user account details and any data that is included in the Customer Content, such as contact information, usernames, and end user interactions with the Service where the interactions are considered personal data.

Subprocessors